Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

204 advisories

Loading
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for... Moderate Unreviewed
CVE-2023-38523 was published Jul 20, 2023
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does... Moderate Unreviewed
CVE-2023-35872 was published Jul 11, 2023
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does... Moderate Unreviewed
CVE-2023-35873 was published Jul 11, 2023
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an... Moderate Unreviewed
CVE-2023-28761 was published Jul 6, 2023
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital... Moderate Unreviewed
CVE-2023-2827 was published Jun 13, 2023
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can... Moderate Unreviewed
CVE-2023-2187 was published Jun 7, 2023
It is identified a vulnerability of insufficient authentication in an important specific function... Moderate Unreviewed
CVE-2023-25780 was published Jun 2, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass... Moderate Unreviewed
CVE-2022-36249 was published May 30, 2023
Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data... Moderate Unreviewed
CVE-2023-23545 was published May 23, 2023
A vulnerability in the social login configuration option for the guest users of Cisco Business... Moderate Unreviewed
CVE-2023-20003 was published May 18, 2023
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be... Moderate Unreviewed
CVE-2022-40725 was published Apr 25, 2023
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The... Moderate Unreviewed
CVE-2023-27571 was published Apr 15, 2023
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control... Moderate Unreviewed
CVE-2023-24527 was published Apr 11, 2023
The Bluetooth module has an authentication bypass vulnerability in the pairing process.... Moderate Unreviewed
CVE-2022-48291 was published Mar 28, 2023
In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without... Moderate Unreviewed
CVE-2023-28470 was published Mar 23, 2023
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server... Moderate Unreviewed
CVE-2023-27983 was published Mar 21, 2023
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791,... Moderate Unreviewed
CVE-2023-25615 was published Mar 14, 2023
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any... Moderate Unreviewed
CVE-2023-24526 was published Mar 14, 2023
VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with... Moderate Unreviewed
CVE-2023-20857 was published Feb 28, 2023
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the... Moderate Unreviewed
CVE-2022-27891 was published Feb 16, 2023
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one... Moderate Unreviewed
CVE-2022-3738 was published Jan 19, 2023
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where... Moderate Unreviewed
CVE-2022-3188 was published Dec 22, 2022
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an... Moderate Unreviewed
CVE-2022-30515 was published Nov 9, 2022
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this... Moderate Unreviewed
CVE-2022-3675 was published Nov 3, 2022
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4... Moderate Unreviewed
CVE-2022-42473 was published Nov 2, 2022
ProTip! Advisories are also available from the GraphQL API